JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Updated Mar 1, 2025 - JavaScript
Docker Scout GitHub Action
Runtime Security Solution for your CI/CD Pipeline
Scans popular packages and alerts when there is suspicion of an account takeover
Damn Vulnerable SCA Application
Secure GitHub actions with 1 line of code
Materials for the talk "How to automate dependency updates with the Renovate bot"
Automated tool designed to scan the package dependency files of GitHub repositories for vulnerable packages
Check CVSS v3.1 and EPSS scores for a given CVE ID and whether it is in the CISA KEV catalog
Developed a system that keeps track of the product quality and other factors throughout the supply chain by using Blockchain technology
Package policies for Node.js repos to protect against supply chain attacks
Lab repository demonstrates how to create provenance without using the npm CLI and publish a package to npmjs.com with an attached provenance file (not generated by the npm CLI)